SQL Vulnerability Assessment has been available for preview on Azure SQL Database for a couple of months, and has now been released on SSMS 17.4, supporting scanning of SQL Server 2012 and up. Whether on-premises or on a VM!

SQL Vulnerability Assessment

SQL Vulnerability Assessment (VA) is your one-stop-shop to discover, track and remediate potential database vulnerabilities. It can be used as an excellent preventive security measure, providing visibility into your security state and offering actionable steps to investigate, manage and resolve security issues and enhance your database fortifications.

Vulnerability Assessment report in SSMS

Not only does VA expose some of the possible security flaws you have in your database system, it also provides remediation scripts to resolve issues within a couple of mouse clicks. In addition, you can accept specific results as your approved baseline state, and the VA scan report will be customized accordingly to expect these values.

Approving a VA result as your baseline

Beyond improving your database security, VA can be an invaluable tool to help meet data privacy requirements or help comply with data protection regulations like the EU GDPR. VA simplifies the processes involved in addressing these, and also facilities ongoing monitoring of your database protection status.

What are people saying about Vulnerability Assessment?

VA was designed to be straightforward and easy to use, giving you a simple way to improve your database security stature.

Our preview customers have been using the service to lock down their database security, and to help address their data privacy requirements.

Customers have been most impressed with the quick and lightweight nature of the scan. They are also very appreciative of the actionable remediations available directly within the VA experience.

“I personally like the tool, and the feedback from other teams has been positive. Everyone found the tool very easy to run, the findings easy to understand, and fixes were straightforward thanks to the remediation scripts.”

“This is another example of Microsoft making security more approachable, even if you are not a security expert. After running a scan you will probably see some quick wins making your database more secure step by step.”

– Tom Kerkhove, Azure Consultant at Codit and Microsoft Azure MVP

Now in SSMS

VA has now been released as an integral part of SQL Server Management Studio (SSMS)! You can run an assessment from within SSMS on any database you connect to, whether on-premises or in the cloud. VA supports SQL Server 2012 and up.

Running a VA scan on your SQL Server includes a richer set of security checks than the scan on Azure SQL Database, since there are more relevant checks for the SQL Server surface area. When running a scan from SSMS on your Azure SQL Database, you can expect a similar result to the one you see in the Azure Portal. Your baselines do not persist across, though, so you will need to manage them separately.

To run an assessment from SSMS, all you need to do is connect to your database, right click on the database and select Tasks ->Vulnerability Assessment -> Scan for Vulnerabilities… The scan takes just a few seconds to run, and the results are stored on your local file system, (you can configure the target location). You will then see the full results report in the SSMS pane, and you can drill down to each individual result for details and remediation steps, and to set your result baseline.